GT500

Emsisoft Employee

Posts posted by GT500


  1. 20 hours ago, Kiran2020 said:

    For the last 4-5 months I have been waiting for an MPAJ ransomware solution.

    Is there any update on it? Please guide if anyone got a solution.

    This isn't a problem to be solved. Your files are encrypted, and you need the private key for your ID to decrypt them. Since only the criminals have the private keys, it isn't possible for your files to be decrypted unless the ransom is paid.

    Our recommendation is to save a backup of your encrypted files and keep it in a safe place in case decryption is possible at some point in the future.

    We also recommend keeping an eye on BleepingComputer's newsfeed, as they will usually report on new developments with ransomware decrypters:
    https://www.bleepingcomputer.com/

    If you have an RSS feed reader, then they also have an RSS feed so that you don't have to manually check for news:
    https://www.bleepingcomputer.com/feed/


  2. Assuming you mean the STOP/Djvu decrypter, please refer to the following from "About the STOP/Djvu Decrypter":

    Quote

    Why won't the decrypter run? The decrypter requires version 4.5.2 or newer of the Microsoft .NET Framework, so this could mean your version of the .NET Framework is out of date. We recommend installing the latest version of the .NET Framework (4.8 at the time of writing this), and then trying the decrypter again.

     


  3. 13 hours ago, ParhaM said:

    Well title is the question.

    Our Behavior Blocker should delete any unknown programs that are attempting to modify the MBR.

     

    13 hours ago, ParhaM said:

    And I'd like to know if Emsisoft protects the system from being used for mining without the user knowing? Like there used to be some programs that used to do that when they were open in the system.

    Yes, most mining software is detected by Emsisoft Anti-Malware.


  4. Have you tried our decrypter yet?
    https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

    Does it say your files have an online ID or offline ID? For files with offline IDs it will probably start decrypting them without requiring you to do anything else, assuming we have the private key for that variant's offline ID.

    For files with an online ID, you'll have to supply file pairs to our online submission form. There's more information at the link above.


  5. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link:
    https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/


  6. 20 hours ago, rohietsethi19 said:

    Hi, 

    I have only the encrypted file .redmat and don't have the other copy. How can I get the files back from the ransomware? Is there any chance?

    If you have an online ID, then you have to have an original/unencrypted copy of each type of file you want to decrypt (or at least for each "first 5 bytes" the decrypter lists in its log). Without file pairs, it isn't possible to generate a keystream that can be used to decrypt your files.
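
    Why a file pair yields a keystream, shown as an added example that is not part of the original post and not Emsisoft's decrypter code. It assumes a stream cipher whose keystream is reused across files; the SHA-256 counter keystream, the key and the sample files are constructed stand-ins, not the ransomware's cipher or data.

```python
import hashlib

def toy_keystream(key: bytes, length: int) -> bytes:
    """Stand-in stream cipher (SHA-256 in counter mode), not the ransomware's cipher."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def toy_encrypt(key: bytes, data: bytes) -> bytes:
    """Every file is XORed with the same keystream: the reuse a file pair relies on."""
    return xor(data, toy_keystream(key, len(data)))

def derive_keystream(original: bytes, encrypted: bytes) -> bytes:
    """original XOR encrypted = keystream, with no knowledge of the key."""
    if len(original) != len(encrypted):
        raise ValueError("not a file pair: sizes differ")
    return xor(original, encrypted)

def recover(encrypted: bytes, keystream: bytes):
    """Return (recovered bytes, count of bytes the keystream was too short to cover)."""
    n = min(len(encrypted), len(keystream))
    return xor(encrypted[:n], keystream[:n]), len(encrypted) - n

# Constructed sample data.
KEY = b"constructed key, unknown to the victim"
PNG = b"\x89PNG\r\n\x1a\n"
PAIR_ORIGINAL = PNG + b"A" * 56              # 64-byte known original
PAIR_ENCRYPTED = toy_encrypt(KEY, PAIR_ORIGINAL)
SMALL = PNG + b"holiday photo"               # 21 bytes, shorter than the pair
LARGE = PNG + b"B" * 100                     # 108 bytes, longer than the pair

def demo():
    ks = derive_keystream(PAIR_ORIGINAL, PAIR_ENCRYPTED)
    return recover(toy_encrypt(KEY, SMALL), ks), recover(toy_encrypt(KEY, LARGE), ks)

if __name__ == "__main__":
    (small, miss_small), (large, miss_large) = demo()
    print("small file fully recovered:", small == SMALL, "missing:", miss_small)
    print("large file prefix recovered:", large == LARGE[:64], "missing:", miss_large)
```

    In this model the pair only recovers as many bytes as the pair itself is long, and a keystream derived under one key does nothing for files encrypted under another.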


  7. I just noticed that the moderator who removed your e-mail address sent it to me in a private message. Please allow me to apologize for not seeing that earlier.

    Checking your conversation history with Fabio Di Bari (one of our sales representatives) I can see that he sent you two messages. The first was to confirm that your order was being refunded:

    Quote

    We initiated a refund of your recent order #*****5253. Our shop partner 2Checkout will keep you informed about the status of your refund by email.

    If ever you need our services again, do not hesitate to write us to receive our personal attention.

     

    The second was to confirm that your subscription associated with your license key was also canceled:

    Quote

    Please note that the cardholder requested to cancel the subscription with license key ***-***-***-*** .
    If you want to keep your protection active please use the following link to renew manually with a different payment instrument before October 30th: https://www.emsisoft.com/en/order/renew/

    If you need further assistance please do not hesitate to contact us.

     

    2Checkout (the company that handles payments for our online store) also sent the following message:

    Quote

    The refund you requested for order #*****5253 from https://www.emsisoft.com has been approved. 2Checkout is currently processing the transfer of funds as an authorized reseller of Emsisoft.

    The refund amount of 6166.58 RUB will be transferred to your account immediately, as soon as possible.

     

    All of these messages were sent by e-mail roughly 2 days and 20 hours before I posted this. If you did not receive one or more of these e-mails, then please let me know.

    I have censored parts of these messages to ensure that your license key and order number remain private.


  8. 21 hours ago, zels said:

    The letter was sent from **removed to avoid member being spammed**

    Unfortunately, since you posted your e-mail address publicly, one of our moderators removed it before I saw it. You'll need to send it to me privately.

    To send a private message on our forums, simply hover your mouse pointer over my screen name and a box with more information will pop up after a few seconds. There should be a link in the lower-left corner of the box to send a message to me.

     

    21 hours ago, zels said:

    The money was returned today, but why didn't they do it right away?

    I can't say for certain until I can see your conversation history with our sales team. What I do know is that it can take at least several days for a refund to appear on a credit or debit card, so it's possible that a refund was processed right away and that it merely took some time to appear on the statement for the payment method you used.


  9. 21 hours ago, Paolo Bardi said:

    I too have been waiting 3 years for a decryption to the (.losers) ransomware and discovered this thread.

    The ransomware that encrypted your files is Cry36. There is no known way to decrypt your files without getting the private key from the criminals who made/distributed the ransomware.

     

    21 hours ago, Paolo Bardi said:

    Is there presently a realistic chance for recovery at this time?

    If law enforcement is able to catch the criminals or otherwise gain access to their servers and release their private keys for use in decrypters, then we can create a decrypter for this ransomware. Unfortunately it's already been several years, and this hasn't happened yet, so there's no way to know when or if it will.


  10. 13 hours ago, chrispol said:

    The new version of STOP Djvu, which puts the .Foke extension on files with an online ID, cannot be decrypted with the decrypters that are available. Any help?

    This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link:
    https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/


  11. 19 hours ago, chrispol said:

    New .Foqe extension with online ID, cannot be decrypted by now

    This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link:
    https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/


  12. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link:
    https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/


  13. On 10/11/2020 at 2:10 AM, Shashank said:

    Hello sir, my file is encrypted with the .Copa ransomware virus. The ID is offline ID 5sHsKes2XYnEguRaSVYIA8rudOB16MVLvPgGIOt1.

    When will the .Copa ransomware decrypter tool come?

    This is a newer variant of STOP/Djvu. Fortunately your ID is an offline ID; however, we don't yet have the private key for it. I recommend running the decrypter once every week or two so that you can see when we've been able to add the private key for your variant.

    There is more information at the following link:
    https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/